Odd issue with two SNATed Firewalls and Wireless router
Andrew Gargan
andrew at iface.co.za
Wed Aug 24 14:30:44 CEST 2005
Hi All,

I have an issue with a network setup.

The issue is this: some client machines on my network (10 of +- 150) keep
losing their connection to our mail server or any other mail server we
set up their accounts on.

This is an issue with my network because as soon as they are on dialup
or iburst or ADSL elsewhere they don't have this issue.

I have a 10.0.0.0/8 network which is my internal net.
This net routes traffic through 10.0.2.1 (SNAT) which is connected to my
DMZ 172.16.0.0/16.
The traffic is then sent out to the world via 172.16.0.1 (SNAT) over
sentech mywireless.

I have isolated the issue to being on the 172.16.0.1 machine since an
ISDN leased line in the DMZ works 100%.

Has anyone experienced similar issues using a shared NATed mywireless
....

Most of the mail comes down .... (it seems to break when transmissions
are over +-600 KB)

I was told that changing the MTU for the ppp0 device to 1300 would help
but no luck there.

Also one strange thing I noticed (though I don't know TCP/IP that well)
was the txqueuelength value of 3 for the ppp0 interface.

Here is my kernel: 2.6.9-1.667 (FC3)

Here is ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:03:47:71:7B:36
          inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::203:47ff:fe71:7b36/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27879849 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26767743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:669378689 (638.3 MiB)  TX bytes:3461641354 (3.2 GiB)

eth1      Link encap:Ethernet  HWaddr 00:03:47:71:7B:37
          inet addr:10.0.7.2  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::203:47ff:fe71:7b37/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27333550 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28013971 errors:1 dropped:0 overruns:0 carrier:1
          collisions:614337 txqueuelen:1000
          RX bytes:3798771770 (3.5 GiB)  TX bytes:845067479 (805.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:13651 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13651 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:556916 (543.8 KiB)  TX bytes:556916 (543.8 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:196.35.170.61  P-t-P:66.18.87.50  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:7595399 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7622079 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1453866192 (1.3 GiB)  TX bytes:2513716398 (2.3 GiB)

and iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and mii-tool:
eth0: negotiated 100baseTx-FD, link ok
eth1: no autonegotiation, 10baseT-HD, link ok

eth1 is the ether used to connect to the mywireless ... for routing
purposes the IP it has assigned isn't really used ...
I am using rp-pppoe I think ...

Andrew Gargan
Developer
Interface Media (PTY) Ltd.
Tel: 011 507 3003